
81 matches found

OSV
added 2025/12/18 3:15 p.m., 8 views

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8 CVSS, 6.6 AI score, 0.00106 EPSS
Exploits: 0, References: 7
Vulnrichment
added 2025/12/10 9:46 a.m., 9 views

CVE-2025-7073 Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...

8.8 CVSS, 6.4 AI score, 0.0014 EPSS
Exploits: 0, References: 1
EUVD
added 2025/12/09 9:31 p.m., 4 views

EUVD-2025-202316

Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application...

6.5 AI score, 0.00442 EPSS
Exploits: 1, References: 4
OSV
added 2025/12/03 5:15 p.m., 2 views

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment...

6.2 CVSS, 6.1 AI score, 0.00158 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/12/03 12:0 a.m., 3 views

PT-2025-48949

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment...

6.2 CVSS, 7.5 AI score, 0.00158 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-11393

Malware in sbrugna...

9.8 CVSS, 9.2 AI score, 0.01444 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-17151

Malware in sbrugna...

5.8 CVSS, 4.7 AI score, 0.01589 EPSS
Exploits: 0, References: 2
NVD
added 2025/10/03 12:15 p.m., 8 views

CVE-2025-27237

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...

7.3 CVSS, 0.00332 EPSS
Exploits: 2, References: 1
AlpineLinux
added 2025/10/03 12:15 p.m., 3 views

CVE-2025-27237

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...

7.3 CVSS, 7 AI score, 0.00332 EPSS
Exploits: 2, References: 1
Vulnrichment
added 2025/10/03 11:28 a.m., 1 views

CVE-2025-27237 DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...

7.3 CVSS, 6.5 AI score, 0.00332 EPSS
Exploits: 2, References: 1
Gitee
added 2025/09/13 12:52 a.m., 77 views

PowerSploit

This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell scripts that can be used to exploit vulnerabilities in Windows systems. The repository contains several modules, including AntivirusBypass and CodeExecution, which provide various functions for bypassi...

7.6 AI score
Exploits: 0
NVD
added 2025/06/20 10:15 a.m., 4 views

CVE-2025-5255

The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use...

4.8 CVSS, 0.00211 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/06/20 12:0 a.m., 1 views

Postbox security vulnerability

Postbox is an email client software from Postbox, Inc. A security vulnerability exists in Postbox that stems from allowing dynamic library injection, which could lead to a local attacker bypassing TCC...

4.8 CVSS, 6.4 AI score, 0.00166 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/06/20 12:0 a.m., 0 views

Core.ai Phoenix Code security vulnerability

Core.ai Phoenix Code is a lightweight text editor from Core.ai India. A security vulnerability exists in Core.ai Phoenix Code that stems from allowing dynamic library injection, which could lead to a local attacker bypassing TCC...

4.8 CVSS, 6.5 AI score, 0.00211 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/06/10 12:0 a.m., 1 views

Rocket.Chat security vulnerability

Rocket.Chat is a chat software from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat that stems from a TCC policy that can be bypassed, potentially leading to a DYLIB injection attack that could perform unauthorized actions or elevation of privilege...

5.5 CVSS, 7 AI score, 0.00177 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 5:37 a.m., 4 views

CVE-2023-26818

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag...

5.5 CVSS, 6.9 AI score, 0.0054 EPSS
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 5:47 a.m., 3 views

CVE-2017-14397

AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability...

9.8 CVSS, 9.7 AI score, 0.01542 EPSS
Exploits: 0, References: 1
OSV
added 2025/01/13 10:15 p.m., 1 views

CVE-2024-11128

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing...

7.8 CVSS, 5.8 AI score, 0.00161 EPSS
Exploits: 0, References: 1
NVD
added 2025/01/13 10:15 p.m., 18 views

CVE-2024-11128

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing...

8.4 CVSS, 0.00161 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/01/13 12:0 a.m., 3 views

Bitdefender Virus Scanner security vulnerability

Bitdefender Virus Scanner is a virus scanner program from Bitdefender. A security vulnerability exists in Bitdefender Virus Scanner versions prior to 3.18, which stems from the lack of a Hardened Runtime or Library Validation signature and may allow dynamic library injection...

8.4 CVSS, 6.8 AI score, 0.00161 EPSS
Exploits: 0, References: 1